dea7b64b5faf84fda767373caa41c5b9c22df730806ee134c20aa2fc15db78d5

Analysis

max time kernel
142s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 00:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

223813ceb88edbfde22d82ebb222db6c.exe
Size

685KB
MD5

223813ceb88edbfde22d82ebb222db6c
SHA1

71ca083274c34312b666989684922c680fe5524d
SHA256

dea7b64b5faf84fda767373caa41c5b9c22df730806ee134c20aa2fc15db78d5
SHA512

9bb15b2b83fbb2fae6a7bd6e2f833f740ce961c4906616e49bace0823ddf79d68cee15c3b416607377753dae218dba81787ac6a7b5de505e041edf311730560d
SSDEEP

12288:5VGbImthaXa5j2asmTgnTlVY+KaBwPBlF3Z4mxxpDqVTVOCi:5gEmt7xgbwbQmXAVTzi

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2684	iexplore.ra

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\iexplore.ra	223813ceb88edbfde22d82ebb222db6c.exe
File opened for modification	C:\Windows\iexplore.ra	223813ceb88edbfde22d82ebb222db6c.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2288	223813ceb88edbfde22d82ebb222db6c.exe
Token: SeDebugPrivilege	2684	iexplore.ra

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2684	iexplore.ra

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2684 wrote to memory of 2580	2684	iexplore.ra	28
PID 2684 wrote to memory of 2580	2684	iexplore.ra	28
PID 2684 wrote to memory of 2580	2684	iexplore.ra	28
PID 2684 wrote to memory of 2580	2684	iexplore.ra	28

C:\Users\Admin\AppData\Local\Temp\223813ceb88edbfde22d82ebb222db6c.exe
"C:\Users\Admin\AppData\Local\Temp\223813ceb88edbfde22d82ebb222db6c.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2288

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
PID:2580

C:\Windows\iexplore.ra
C:\Windows\iexplore.ra
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2288-10-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2288-42-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-11-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-19-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-29-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-40-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-49-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/2288-48-0x0000000000590000-0x0000000000592000-memory.dmp

Filesize
8KB

Download
memory/2288-47-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2288-46-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-45-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-44-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-43-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-61-0x0000000000400000-0x0000000000516000-memory.dmp

Filesize
1.1MB

Download
memory/2288-41-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-39-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-38-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-37-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-36-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-35-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-34-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-33-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-32-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-31-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-30-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-28-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-27-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-62-0x0000000000340000-0x0000000000394000-memory.dmp

Filesize
336KB

Download
memory/2288-1-0x0000000000340000-0x0000000000394000-memory.dmp

Filesize
336KB

Download
memory/2288-2-0x0000000000540000-0x0000000000541000-memory.dmp

Filesize
4KB

Download
memory/2288-3-0x0000000000520000-0x0000000000521000-memory.dmp

Filesize
4KB

Download
memory/2288-4-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/2288-25-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-5-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2288-6-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2288-7-0x0000000000560000-0x0000000000561000-memory.dmp

Filesize
4KB

Download
memory/2288-26-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-8-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/2288-24-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-23-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-22-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-21-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-20-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-18-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-17-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-16-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-15-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-14-0x0000000003230000-0x00000000032D2000-memory.dmp

Filesize
648KB

Download
memory/2288-0-0x0000000000400000-0x0000000000516000-memory.dmp

Filesize
1.1MB

Download
memory/2288-9-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/2684-59-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/2684-63-0x0000000000400000-0x0000000000516000-memory.dmp

Filesize
1.1MB

Download
memory/2684-60-0x0000000000280000-0x00000000002D4000-memory.dmp

Filesize
336KB

Download
memory/2684-57-0x0000000003110000-0x00000000031B2000-memory.dmp

Filesize
648KB

Download
memory/2684-58-0x00000000021D0000-0x00000000021D2000-memory.dmp

Filesize
8KB

Download
memory/2684-54-0x0000000003110000-0x00000000031B2000-memory.dmp

Filesize
648KB

Download
memory/2684-56-0x0000000003110000-0x00000000031B2000-memory.dmp

Filesize
648KB

Download
memory/2684-51-0x0000000000400000-0x0000000000516000-memory.dmp

Filesize
1.1MB

Download
memory/2684-53-0x0000000003110000-0x00000000031B2000-memory.dmp

Filesize
648KB

Download
memory/2684-55-0x0000000003110000-0x00000000031B2000-memory.dmp

Filesize
648KB

Download
memory/2684-65-0x0000000003110000-0x00000000031B2000-memory.dmp

Filesize
648KB

Download
memory/2684-70-0x0000000003110000-0x00000000031B2000-memory.dmp

Filesize
648KB

Download
memory/2684-69-0x0000000003110000-0x00000000031B2000-memory.dmp

Filesize
648KB

Download
memory/2684-68-0x0000000003110000-0x00000000031B2000-memory.dmp

Filesize
648KB

Download
memory/2684-67-0x0000000003110000-0x00000000031B2000-memory.dmp

Filesize
648KB

Download
memory/2684-66-0x0000000003110000-0x00000000031B2000-memory.dmp

Filesize
648KB

Download